Vendor CVEs
Apple Inc.
All CVEs
8,445 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-7661 | Hig | 0.54 | 7.8 | 0.01 | Feb 20, 2017 | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the "Power Management" component. It allows local users to gain privileges via unspecified vectors related to Mach port name references. | ||
| CVE-2016-7660 | Hig | 0.54 | 7.8 | 0.01 | Feb 20, 2017 | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "syslog" component. It allows local users to gain privileges via unspecified vectors related to Mach port… | ||
| CVE-2016-7644 | Hig | 0.54 | 7.8 | 0.07 | Feb 20, 2017 | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial… | ||
| CVE-2016-7637 | Hig | 0.54 | 7.8 | 0.01 | Feb 20, 2017 | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows local users to gain privileges or cause a denial of service (memory… | ||
| CVE-2016-7633 | Hig | 0.54 | 7.8 | 0.01 | Feb 20, 2017 | An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Directory Services" component. It allows local users to gain privileges or cause a denial of service (use-after-free) via unspecified vectors. | ||
| CVE-2016-7621 | Hig | 0.54 | 7.8 | 0.01 | Feb 20, 2017 | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows local users to execute arbitrary code in a privileged context or cause a… | ||
| CVE-2016-7617 | Hig | 0.54 | 7.8 | 0.05 | Feb 20, 2017 | An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (type confusion) via a crafted app. | ||
| CVE-2016-7612 | Hig | 0.54 | 7.8 | 0.04 | Feb 20, 2017 | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial… | ||
| CVE-2016-4669 | Hig | 0.54 | 7.8 | 0.04 | Feb 20, 2017 | An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Kernel" component. It allows local users to execute arbitrary code in a… | ||
| CVE-2016-4625 | Hig | 0.54 | 7.8 | 0.02 | Jul 22, 2016 | Use-after-free vulnerability in IOSurface in Apple OS X before 10.11.6 allows local users to gain privileges via unspecified vectors. | ||
| CVE-2016-1863 | Hig | 0.54 | 7.8 | 0.01 | Jul 22, 2016 | The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4582 and CVE-2016-4653. | ||
| CVE-2016-1861 | Hig | 0.54 | 7.8 | 0.04 | Jun 19, 2016 | The NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1846. | ||
| CVE-2016-1848 | Hig | 0.54 | 7.8 | 0.05 | May 20, 2016 | QuickTime in Apple OS X before 10.11.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file. | ||
| CVE-2016-1846 | Hig | 0.54 | 7.8 | 0.05 | May 20, 2016 | The nvCommandQueue::GetHandleIndex method in the NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference and memory corruption) via a crafted app. | ||
| CVE-2016-1828 | Hig | 0.54 | 7.8 | 0.06 | May 20, 2016 | The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than… | ||
| CVE-2016-1827 | Hig | 0.54 | 7.8 | 0.06 | May 20, 2016 | The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than… | ||
| CVE-2016-1825 | Hig | 0.54 | 7.8 | 0.06 | May 20, 2016 | IOHIDFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | ||
| CVE-2016-1823 | Hig | 0.54 | 7.8 | 0.05 | May 20, 2016 | The IOHIDDevice::handleReportWithTime function in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds read and memory corruption)… | ||
| CVE-2016-1821 | Hig | 0.54 | 7.8 | 0.05 | May 20, 2016 | IOAudioFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app. | ||
| CVE-2016-1819 | Hig | 0.54 | 7.8 | 0.05 | May 20, 2016 | Use-after-free vulnerability in the IOAccelContext2::clientMemoryForType method in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory… | ||
| CVE-2016-1813 | Hig | 0.54 | 7.8 | 0.05 | May 20, 2016 | The IOAccelSharedUserClient2::page_off_resource method in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a… | ||
| CVE-2016-1803 | Hig | 0.54 | 7.8 | 0.05 | May 20, 2016 | CoreCapture in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app. | ||
| CVE-2016-1794 | Hig | 0.54 | 7.8 | 0.05 | May 20, 2016 | The AppleGraphicsControlClient::checkArguments method in AppleGraphicsControl in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app. | ||
| CVE-2016-1793 | Hig | 0.54 | 7.8 | 0.05 | May 20, 2016 | AppleGraphicsDeviceControlClient in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app. | ||
| CVE-2016-3142 | Hig | 0.54 | 8.2 | 0.05 | Mar 31, 2016 | The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\x05\x06… | ||
| CVE-2016-1769 | Hig | 0.54 | 7.8 | 0.05 | Mar 24, 2016 | QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Photoshop file. | ||
| CVE-2016-1767 | Hig | 0.54 | 7.8 | 0.05 | Mar 24, 2016 | QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix image, a different vulnerability than CVE-2016-1768. | ||
| CVE-2016-1755 | Hig | 0.54 | 7.8 | 0.05 | Mar 24, 2016 | The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1754. | ||
| CVE-2016-1749 | Hig | 0.54 | 7.8 | 0.04 | Mar 24, 2016 | IOUSBFamily in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | ||
| CVE-2016-1744 | Hig | 0.54 | 7.8 | 0.04 | Mar 24, 2016 | The Intel driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1743. | ||
| CVE-2016-1743 | Hig | 0.54 | 7.8 | 0.05 | Mar 24, 2016 | The Intel driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1744. | ||
| CVE-2016-1721 | Hig | 0.54 | 7.8 | 0.01 | Feb 1, 2016 | The kernel in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. | ||
| CVE-2016-1720 | Hig | 0.54 | 7.8 | 0.01 | Feb 1, 2016 | IOKit in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. | ||
| CVE-2016-1719 | Hig | 0.54 | 7.8 | 0.01 | Feb 1, 2016 | The IOHIDFamily API in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. | ||
| CVE-2016-0778 | Hig | 0.54 | 8.1 | 0.20 | Jan 14, 2016 | The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a… | ||
| CVE-2015-7068 | Hig | 0.54 | 7.8 | 0.04 | Dec 11, 2015 | IOKit SCSI in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an app that provides an unspecified userclient type. | ||
| CVE-2009-1699 | Hig | 0.54 | 7.5 | 0.29 | Jun 10, 2009 | The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD, as… | ||
| CVE-2026-28907 | Hig | 0.53 | 8.1 | 0.00 | May 11, 2026 | The issue was addressed with improved input validation. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may prevent Content Security… | ||
| CVE-2024-44250 | Hig | 0.53 | 8.2 | 0.00 | Apr 2, 2026 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.1. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges. | ||
| CVE-2025-43480 | Hig | 0.53 | 8.1 | 0.00 | Nov 4, 2025 | The issue was addressed with improved checks. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A malicious website may exfiltrate data cross-origin. | ||
| CVE-2025-43323 | Hig | 0.53 | 8.1 | 0.00 | Nov 4, 2025 | This issue was addressed with additional entitlement checks. This issue is fixed in iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. An app may be able to fingerprint the user. | ||
| CVE-2025-43330 | Hig | 0.53 | 8.2 | 0.00 | Sep 15, 2025 | This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.7, macOS Tahoe 26. An app may be able to break out of its sandbox. | ||
| CVE-2025-31189 | Hig | 0.53 | 8.2 | 0.00 | May 29, 2025 | A file quarantine bypass was addressed with additional checks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to break out of its sandbox. | ||
| CVE-2025-31234 | Hig | 0.53 | 8.2 | 0.00 | May 12, 2025 | The issue was addressed with improved input sanitization. This issue is fixed in iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5. An attacker may be able to cause unexpected system termination or corrupt kernel memory. | ||
| CVE-2025-24180 | Hig | 0.53 | 8.1 | 0.01 | Mar 31, 2025 | The issue was addressed with improved input validation. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4, watchOS 11.4. A malicious website may be able to claim WebAuthn credentials from another website that shares a registrable… | ||
| CVE-2024-54537 | Hig | 0.53 | 8.2 | 0.00 | Jan 27, 2025 | This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. An app may be able to read and write files outside of its sandbox. | ||
| CVE-2024-54468 | Hig | 0.53 | 8.2 | 0.00 | Jan 27, 2025 | The issue was addressed with improved checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, watchOS 11.2. An app may be able to break out of its sandbox. | ||
| CVE-2024-44309 | Med | 0.53 | 6.3 | 0.21 | KEV | Nov 20, 2024 | A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, iOS 18.1.1 and iPadOS 18.1.1, macOS Sequoia 15.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to a cross site… | |
| CVE-2024-27815 | Hig | 0.53 | 7.8 | 0.02 | Jun 10, 2024 | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. An app may be able to execute arbitrary code with kernel privileges. | ||
| CVE-2018-4192 | Hig | 0.53 | 7.5 | 0.12 | Jun 8, 2018 | An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue… |
- risk 0.54cvss 7.8epss 0.01
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the "Power Management" component. It allows local users to gain privileges via unspecified vectors related to Mach port name references.
- risk 0.54cvss 7.8epss 0.01
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "syslog" component. It allows local users to gain privileges via unspecified vectors related to Mach port…
- risk 0.54cvss 7.8epss 0.07
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial…
- risk 0.54cvss 7.8epss 0.01
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows local users to gain privileges or cause a denial of service (memory…
- risk 0.54cvss 7.8epss 0.01
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Directory Services" component. It allows local users to gain privileges or cause a denial of service (use-after-free) via unspecified vectors.
- risk 0.54cvss 7.8epss 0.01
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows local users to execute arbitrary code in a privileged context or cause a…
- risk 0.54cvss 7.8epss 0.05
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (type confusion) via a crafted app.
- risk 0.54cvss 7.8epss 0.04
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial…
- risk 0.54cvss 7.8epss 0.04
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Kernel" component. It allows local users to execute arbitrary code in a…
- risk 0.54cvss 7.8epss 0.02
Use-after-free vulnerability in IOSurface in Apple OS X before 10.11.6 allows local users to gain privileges via unspecified vectors.
- risk 0.54cvss 7.8epss 0.01
The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4582 and CVE-2016-4653.
- risk 0.54cvss 7.8epss 0.04
The NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1846.
- risk 0.54cvss 7.8epss 0.05
QuickTime in Apple OS X before 10.11.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file.
- risk 0.54cvss 7.8epss 0.05
The nvCommandQueue::GetHandleIndex method in the NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference and memory corruption) via a crafted app.
- risk 0.54cvss 7.8epss 0.06
The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than…
- risk 0.54cvss 7.8epss 0.06
The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than…
- risk 0.54cvss 7.8epss 0.06
IOHIDFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
- risk 0.54cvss 7.8epss 0.05
The IOHIDDevice::handleReportWithTime function in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds read and memory corruption)…
- risk 0.54cvss 7.8epss 0.05
IOAudioFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
- risk 0.54cvss 7.8epss 0.05
Use-after-free vulnerability in the IOAccelContext2::clientMemoryForType method in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory…
- risk 0.54cvss 7.8epss 0.05
The IOAccelSharedUserClient2::page_off_resource method in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a…
- risk 0.54cvss 7.8epss 0.05
CoreCapture in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
- risk 0.54cvss 7.8epss 0.05
The AppleGraphicsControlClient::checkArguments method in AppleGraphicsControl in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
- risk 0.54cvss 7.8epss 0.05
AppleGraphicsDeviceControlClient in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
- risk 0.54cvss 8.2epss 0.05
The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\x05\x06…
- risk 0.54cvss 7.8epss 0.05
QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Photoshop file.
- risk 0.54cvss 7.8epss 0.05
QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix image, a different vulnerability than CVE-2016-1768.
- risk 0.54cvss 7.8epss 0.05
The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1754.
- risk 0.54cvss 7.8epss 0.04
IOUSBFamily in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
- risk 0.54cvss 7.8epss 0.04
The Intel driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1743.
- risk 0.54cvss 7.8epss 0.05
The Intel driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1744.
- risk 0.54cvss 7.8epss 0.01
The kernel in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
- risk 0.54cvss 7.8epss 0.01
IOKit in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
- risk 0.54cvss 7.8epss 0.01
The IOHIDFamily API in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
- risk 0.54cvss 8.1epss 0.20
The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a…
- risk 0.54cvss 7.8epss 0.04
IOKit SCSI in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an app that provides an unspecified userclient type.
- risk 0.54cvss 7.5epss 0.29
The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD, as…
- risk 0.53cvss 8.1epss 0.00
The issue was addressed with improved input validation. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may prevent Content Security…
- risk 0.53cvss 8.2epss 0.00
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.1. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges.
- risk 0.53cvss 8.1epss 0.00
The issue was addressed with improved checks. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A malicious website may exfiltrate data cross-origin.
- risk 0.53cvss 8.1epss 0.00
This issue was addressed with additional entitlement checks. This issue is fixed in iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. An app may be able to fingerprint the user.
- risk 0.53cvss 8.2epss 0.00
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.7, macOS Tahoe 26. An app may be able to break out of its sandbox.
- risk 0.53cvss 8.2epss 0.00
A file quarantine bypass was addressed with additional checks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to break out of its sandbox.
- risk 0.53cvss 8.2epss 0.00
The issue was addressed with improved input sanitization. This issue is fixed in iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5. An attacker may be able to cause unexpected system termination or corrupt kernel memory.
- risk 0.53cvss 8.1epss 0.01
The issue was addressed with improved input validation. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4, watchOS 11.4. A malicious website may be able to claim WebAuthn credentials from another website that shares a registrable…
- risk 0.53cvss 8.2epss 0.00
This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. An app may be able to read and write files outside of its sandbox.
- risk 0.53cvss 8.2epss 0.00
The issue was addressed with improved checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, watchOS 11.2. An app may be able to break out of its sandbox.
- risk 0.53cvss 6.3epss 0.21
A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, iOS 18.1.1 and iPadOS 18.1.1, macOS Sequoia 15.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to a cross site…
- risk 0.53cvss 7.8epss 0.02
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. An app may be able to execute arbitrary code with kernel privileges.
- risk 0.53cvss 7.5epss 0.12
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue…
Page 12 of 169